Uploaded image for project: 'OpenShift Bugs'
  1. OpenShift Bugs
  2. OCPBUGS-45749

ABI install fails when rendezvous host can not securely access the MCS

XMLWordPrintable

    • None
    • False
    • Hide

      None

      Show
      None

      Description of problem:

      ABI install of 4.18.ec4 (and rc0) fail when rendezvous host can not verify TLS cert on MachineConfigServer endpoint.

      Version-Release number of selected component (if applicable):

      4.18.0-rc.0

      How reproducible:

      Install of rc0 fails every time for me. Same configs.  

      Steps to Reproduce:

          1. Download openshift-install for 4.18.rc0
    2. Generate agent ISO
    3. Attach to the VMs being used as nodes
    4. Boot nodes
    5. Wait for failure when final node attempts to join cluster

      Actual results:

      Nodes master-2 and master-3 join cluster.
Node master-1 (rendezvous host) reboots.
Node master-1 connects to MCS and throws a TLS verification error indefinitely:   

--

ignitionI1188]: GET https://192.168.4.19:22623/config/master: attempt #4
ignition[1188]: GET error: Get "https://192.168.4.19:22623/config/master": tls: failed to verify certificate: x509 certificate signed by unknown authority

      Expected results:

      Rendezvous host successfully downloads machine config and becomes a node.

      Additional info:

      ABI install of 4.18.ec3 with same configs works fine.    

      Discussion in #form-ocp-agent:

      https://redhat-internal.slack.com/archives/C02SPBZ4GPR/p1733429661563539 

        1. Screenshot from 2024-12-06 07-36-54.png
          Screenshot from 2024-12-06 07-36-54.png
          63 kB

              bfournie@redhat.com Robert Fournier
              dbewley@redhat.com Dale Bewley
              Manoj Hans Manoj Hans
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

                Created:
                Updated:
                Resolved: